by dmix
3352 days ago
Yet security researchers go to prison for iterating the ID numbers in a URL to access private profile pages :/ This is negligent. If they are running banking ecommerce infrastructure and are unable to deal with 101 security risks then it is absolutely negligent. The "it is too complex for the average person" isn't an adequate defense. The only thing is that there has to be someone who lost something of real value for it to go to court as negligence, does it not?

In your contact with companies you should say "Failing to fix this issue would be a violation of reasonably assumed security practices as required in LAW..."